Can CALDAP Server be "forced" to only connect with an SSL connection?


Article ID: 205369


Products

ACF2
ACF2 - DB2 Option
ACF2 for zVM
ACF2 - z/OS
ACF2 - MISC
LDAP SERVER FOR Z/OS
PAM CLIENT FOR LINUX ON MAINFRAME
WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Are there any parameters in the CA LDAP Server slapd.conf configuration file that will force connections to be SSL only?

Environment

Release : 16.0

Component : CA LDAP Server for z/OS

Resolution

The security <factors> parameter will accomplish this. 

Specifies the security level that is required for the various access methods to all CA LDAP data from both secure and non-secure CA LDAP ports. Before configuring this setting, you must configure CA LDAP for encryption. For more information, see Set Up Certificate Logon.

Default: No factors applied.
Format: security tls=x and update_tls=x

To secure access to all CA LDAP operations, you must configure both tls and update_tls.

tls controls security access for logon and search operations. For tls=x, x specifies the TLS security strength factor that is required for performing logon and search operations.

update_tls controls security access to update operations. For update_tls=x, x specifies the TLS security strength factor that is required for performing update operations.

A value of 0 means TLS security is not required. A value of 1 or greater means some level of TLS security is required to perform the specified operation. The value corresponds to the TLS encryption key length. The higher the value, the stronger the required encryption.

Examples:
In this example, security is required for applications to
perform any CA LDAP operations, but any encryption level can be used:
security tls=1 update_tls=1

In this example, security is required for applications to perform
logon and search operations with any encryption level, but update
operations require an encryption level of 256 or higher:
security tls=1 update_tls=256

In this example, security with an encryption level of 256 or higher is required for applications to perform all operations:
security tls=256 update_tls=256
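
One way to check an existing slapd.conf against these rules, as an added example that is not from the product documentation. It assumes the security directive sits on one line, that lines starting with # are comments, and that a later security line overrides factors set earlier; the function names and sample configurations are constructed for illustration.

```python
# Added example: audit slapd.conf text for the "security tls=x update_tls=x" directive.
# Assumptions (not from the article): one directive per line, '#' lines are comments,
# and a later "security" line overrides factors set by an earlier one.

FACTORS = {"tls": "logon and search", "update_tls": "update"}

def parse_security(conf_text):
    """Return the configured strength per factor; 0 when absent (the default)."""
    levels = dict.fromkeys(FACTORS, 0)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() != "security":
            continue
        for token in parts[1:]:
            name, sep, value = token.partition("=")
            if sep and name in levels:
                if not value.isdigit():
                    raise ValueError(f"non-numeric strength in {token!r}")
                levels[name] = int(value)
    return levels

def audit(conf_text, min_strength=1):
    """List the operations that can still run without TLS or below min_strength."""
    levels = parse_security(conf_text)
    findings = []
    for factor, ops in FACTORS.items():
        level = levels[factor]
        if level == 0:
            findings.append(f"{factor}=0: {ops} operations do not require TLS")
        elif level < min_strength:
            findings.append(f"{factor}={level}: {ops} operations allow strength below {min_strength}")
    return findings

# Constructed sample: only tls is set, so updates are still accepted without TLS.
SAMPLE_PARTIAL = """\
# security tls=256 update_tls=256
security tls=1
"""
# Constructed sample: the article's strictest example.
SAMPLE_STRICT = "security tls=256 update_tls=256\n"

if __name__ == "__main__":
    for name, text in (("partial", SAMPLE_PARTIAL), ("strict", SAMPLE_STRICT)):
        print(name, parse_security(text), audit(text, min_strength=256))
```

An empty result from audit() means both factors meet the requested minimum; a file with no security line at all reports both factors, matching the documented default of no factors applied.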

Additional Information

See techdocs for CA LDAP Server